Lackluster SSL configuration documentation

The section Configuring Stardog to use SSL lacks information and some of the included information and configuration options are confusing.

These are (imo) the main issues:

  1. There is no word on which port is configured as default (which as of version 5.2.2 is 5821).
  2. The stardog-admin tool states (with the help command): --port <port> Specify the port the server will bind to. If only --enable-ssl is given, which port is configured? The HTTP or HTTPS one? What about when --require-ssl is given? 2 different parameters (--port and --ssl-port) should be used instead, as this provides full configuration flexibility and less documentation confusion.

Apologies for this, the documentation could indeed be clearer. The general rule is this: If --enable-ssl is used, the ssl port defaults to (HTTP Port + 1). If -require-ssl is used, then the ssl port is simply the default port.


  1. Default is 5820, --enable-ssl -> SSL port is 5821
  2. Default is 5820, --require-ssl -> SSL port is 5820
  3. --port 8888 --enable-ssl -> SSL port is 8889

We can look into a separate CLI flag for specifying the SSL port explicitly.

Hi Stephen!

Thank you for the clarification! No problem, I hope this information lands in the docu for the next release :wink:

I still don’t quite get why this unnecessary complexity. Both ports should just be configured separately with the enable-ssl and require-ssl flags just determining which ports are active (and the HTTPS port having a default value e.g. 5821).

Otherwise an intended change on the HTTP port forcefully leads to an unintended change in the HTTPS port (since it does not have a default value, but a calculated value). Also, a “standard” setup (e.g. 80/8080 for HTTP, 443/8443 for HTTPS) is not possible (at least without some system re-directing magic).

I would strongly recommend configuration properties to be as independent from each other as possible.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.